[Cryptography] Security on TRIM for full-disk encrypted SSDs

Michael Kjörling michael at kjorling.se
Thu Apr 21 05:57:19 EDT 2016


On 20 Apr 2016 10:52 -0700, from hughejp at me.com (james hughes):
>> On Apr 19, 2016, at 5:03 PM, Valmiky Arquissandas <crypto-metzdowd at kayvlim.com> wrote:
>> 
>> I understand at least some of the theory - encrypted information is
>> supposed to be indistinguishable from random noise, and TRIM
>> reveals patterns; and a plausible deniability scenario would
>> probably be unacceptable.
> 
> Can you please explain? 
> 
> Assuming reasonable encryption, I do not understand what patters are
> being revealed.

I believe Valmiky is referring to the fact that an attacker would be
able to tell which portions of the drive hold data and which do not,
which would allow them to concentrate their crypto-breaking efforts on
the portions that actually hold data. Data in well-known locations can
also provide likely candidates for known-plaintext attacks.

That said, I don't really see why an attacker would choose to attack a
random block on the drive, rather than (say) the header which often
has well-known data in well-known locations. For the huge majority of
users even who use full disk encryption, assuming the attacker really
wants access to the data and not just a quick exchange of cash for a
piece of hardware they didn't have the day before, attacking the
passphrase is almost certainly easier than attacking the crypto.

-- 
Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)


More information about the cryptography mailing list